0ABOUT THIS GUIDE......................................................................................................................................................... V
2UNPACKING AND SETUP.................................................................................................................................................4
NPACKING
U
ETUP
S
ESKTOP OR SHELF INSTALLATION
D
ACK INSTALLATION
R
OWER ON
P
Power Failure .........................................................................................................................................................................6
4CONNECTING THE SWITCH......................................................................................................................................... 10
Console port (RS-232 DCE).................................................................................................................................................. 12
IP Addresses and SNMP Community Names........................................................................................................................ 12
Spanning Tree Algorithm...................................................................................................................................................... 15
STA Operation Levels............................................................................................................................................................ 15
On the Bridge Level............................................................................................................................................................................... 15
On the Port Level ................................................................................................................................................................................... 16
Illustration of STA................................................................................................................................................................. 16
Port Trunking........................................................................................................................................................................ 18
Steps to Create Administrator or Normal User Access......................................................................................................... 27
Administrator and Normal User Privileges........................................................................................................................... 28
Save Changes........................................................................................................................................................................ 28
Add/Modify User Account..................................................................................................................................................... 29
View/Delete User Account..................................................................................................................................................... 31
System Configuration............................................................................................................................................................ 31
Configure IP Address............................................................................................................................................................................. 32
Configure Port Mirroring ....................................................................................................................................................................... 37
Configure Spanning Tree Protocol......................................................................................................................................................... 38
Configure Filtering and Forwarding Table ............................................................................................................................................. 40
Update Firmware and Configuration Files........................................................................................................................... 56
System Utilities......................................................................................................................................................................57
Save Settings to TFTP Server................................................................................................................................................................. 59
Save Switch History to TFTP Server...................................................................................................................................................... 59
Browse GVRP Status ............................................................................................................................................................................. 67
Port Mirror ............................................................................................................................................................................................. 76
Configure Spanning Tree Protocol......................................................................................................................................................... 81
Switch STP
Port STP
Configure Filtering and Forwarding Table ............................................................................................................................................. 83
Port Based VLAN Setup ........................................................................................................................................................................ 93
Port Trunking ......................................................................................................................................................................................... 99
Browse GVRP Status ........................................................................................................................................................................... 108
History Log........................................................................................................................................................................................... 109
Save Settings to TFTP Server............................................................................................................................................................... 110
Save Switch History to TFTP Server.................................................................................................................................................... 111
This user’s guide tells you how to install your DGS-3208F stand-alone Switch, how to connect it to your
Gigabit Ethernet network, and how to set its configuration using either the built-in console interface or Webbased management.
BOUT THIS
G
UIDE
Terms
For simplicity, this documentation uses the terms “Switch” (first lette r upper case) to refer to the DGS-3208F
Gigabit Ethernet Switch, and “switch” (first letter lower case) to refer to all Ethernet switches, including the
DGS-3208F.
Overview of this User’s Guide
Chapter 1, “
♦
Chapter 2, “
♦
Introduction
Unpacking and Setup
.” Describes the Switch and its features.
.” Helps you get started with the basic installation of the Switch.
Chapter 3, “
♦
LED indicators of the Switch.
Chapter 4, “
♦
network.
Chapter 5, “
♦
console port and other aspects about how to manage the Switch.
Chapter 6, “
♦
and monitor Switch performance and security.
Chapter 7, “
♦
browser.
Appendix A, “
♦
Identifying External Components
Connecting the Switch
Switch Management Concepts
Using the Console Interface
Web-Based Network Management
Technical Specifications
.” Tells how you can connect the DGS-3208F to yo ur Gig abit Ethern et
.” Lists the technical specifications of the DGS-3208F.
.” Describes the front panel, rear panel, side panels, and
.” Talks about local console management via th e RS-232 DCE
.” Tells how to use the built-in console interface to change, set,
.” Tells how to manage the Switch through an Internet
v
Gigabit Ethernet Switch User’s Guide
1
1 I
This section describes the features of the DGS-3208F, as well as giving some background information about
Gigabit Ethernet and switching technology.
NTRODUCTION
Gigabit Ethernet Technology
Gigabit Ethernet is an extension of IEEE 802.3 Ethernet utilizing the same packet structure, format, and
support for CSMA/CD protocol, full duplex, flow control, and management objects, but with a tenfold increase
in theoretical throughput over 100-Mbps Fast Ethernet and a hundredfold increase over 10-Mbps Ethernet.
Since it is compatible with all 10-Mbps and 100-Mbps Eth ernet environments, Gigabit Ethernet provide s a
straightforward upgrade without wasting a company’s existing investment in hardware, software, and trained
personnel.
The increased speed and extra bandwidth offered by Gigabit Ethernet is essential to coping with the network
bottlenecks that frequently develop as computers and their busses get faster and more users use applications
that generate more traffic. Upgrading key components, such as your backbone and servers to Gigabit Ethernet
can greatly improve network response times as well as significantly speed up the traffic between your subnets.
Gigabit Ethernet enables fast fiber-optic and copper connections to support video conferencing, complex
imaging, and similar data-intensive applications. Likewise, since data transfers occur 10 times faster than
Fast Ethernet, servers outfitted with Gigabit Ethernet NIC’s are able to perform 10 times the number of
operations in the same a mount of time.
In addition, the phenomenal bandwidth delivered by Gigabit Ethernet is the most cost-effective method to
take advantage of today and tomorrow’s rapidly improving switching and routing internetworking
technologies. And with expected advances in the coming years in silicon technology and digital signal
processing that will enable Gigabit Ethernet to eventually operate over unshielded twisted-pair (UTP) cabling,
outfitting your network with a powerful 1000-Mbps-capable backbone/server connection creates a flexible
foundation for the next generation of network technology products.
Switching Technology
Another key development pushing the limits of Ethernet technology is in the field of switching technology. A
switch bridges Ethernet packets at the MA C address level of the Ethernet protocol transmitting among
connected Ethernet or fast Ethernet LAN segments.
Switching is a cost-effectiv e way of increasing the total network capacity available to users on a local area
network. A switch increases capacity and decreases network loading by making it possible for a local area
network to be divided into different
capacity, giving a decreased load on each.
The switch acts as a high-speed selective bridge between the individual segments. Traffic that needs to go
from one segment to another is automatically forwarded by the switch, without interfering with any other
segments
which don’t compete with each other for network transmission
1
Gigabit Ethernet Switch User’s Guide
segments. This allows the to tal network capacity to be mu ltiplied, while still main taining the same n etwork
cabling and adapter cards.
Switching LAN technology is a marked improvement over the previous generation of network bridges, which
were characterized by higher latencies. Routers have also been used to segment local area networks, but the
cost of a router and the setup and mainte nan ce re quire d make ro ute rs re lative ly impractical. To day ’s sw itche s
are an ideal solution to most kinds of local area network congestion problems.
Features
The DGS-3208F Gigabit Ethernet Switch was designed for easy installation and high performance in an
environment where traffic on the network and the number of users increase continuously.
RS-232 DCE console port for diagnosing the Switch v ia a connection to a PC and console/out-of-band
♦
management.
Performance features
Store and forward switching scheme capability to support rate adaptation and protocol conversion.
♦
Full duplex to allow two communicating stations to transmit and receive at the same time.
♦
Data forwarding rate 1,488,100 pps per port at 100% of wire-speed for 1000-Mbps speed.
♦
Data filtering rate eliminates all erro r packets, runts, etc. at 1,488,100 pps per port at 100% of wire-
♦
speed for 1000-Mbps speed.
12K active MAC address entry table per device with automatic learning and aging.
♦
16 MB packet buffer per device.
♦
Supports broadcast storm rate filtering.
♦
Supports IGMP snooping.
♦
Supports port mirroring.
♦
Supports GVRP.
♦
Supports GMRP (802.1P).
♦
Supports 802.1P priority (tag mode).
♦
Supports static filtering (based on MAC Address)
♦
Supports port-based VLAN (overla pping VLANs are excluded).
♦
Supports IEEE 802.1Q VLAN.
♦
2
Gigabit Ethernet Switch User’s Guide
Supports Link Aggregation Capability.
♦
Management
RS-232 console port for out-of-band management via a PC.
♦
IEEE 802.1d Spanning Tree Algorithm Protocol for creation of alternative backup paths and pre vention
♦
of indefinite network loops.
Fully configurable either in-band or out-of-band control via SNMP based software.
♦
Flash memory for software upgrade. This can be done in-ban d via BOOTP/TFTP. Out-of-band con sole
♦
can also initiate a download request.
Built-in SNMP management: Bridge MIB (RFC 1493), RMON MIB (RFC 1757), MIB-II (RFC 1213),
♦
VLAN MIB (802.1Q), 802.1D MIB, and D-Link proprietary MIB.
3
Gigabit Ethernet Switch User’s Guide
2
2 U
This chapter provides unpacking and setup information for the Switch.
NPACKING AND SETUP
Unpacking
Open the shipping carton of the Switch and carefully unpack its contents. The carton should contain the
following items:
One DGS-3208F Gigabit Ethernet Switch
♦
Accessory pack: 2 mounting brackets and screws
♦
Four rubber feet with adhesive backing
♦
One AC power cord
♦
This user’s guide on CD-ROM
♦
If any item is found missing or damaged, please contact your local D-Link reseller for replacement.
Setup
The setup of the Switch can be performed using the following steps:
The surface must support at least 5 kg.
♦
The power outlet should be within 1.82 meters (6 feet) of the device.
♦
Visually inspect the power cord and see that it is secured fully t o the AC power connector.
♦
Make sure that there is proper heat dissipation from and adequate ventilation around the Switch. Do
♦
not place heavy objects on the Switch.
Desktop or Shelf Installation
When installing the Switch on a desktop or shelf, the rubber feet included with the device must be first
attached. Attach these cushioning feet on the bottom at each corner of the device. Allow enough ventilation
space between the device and the objects around it.
4
Gigabit Ethernet Switch User’s Guide
Figure 2-1. Gigabit Ethernet Switch installed on a Desktop or Shelf
Rack Installation
The DGS-3208F can be mounted in an EIA standard size, 19- inch rack, which can be placed in a wiring close t
with other equipment. To install, attach the mounting brackets on the switch’s front panel (one on each side)
and secure them with the screws provided.
Figure 2- 2A. A ttaching the mounting brackets to the Switch
Then, use the screws provided with the equipment rack to mount the Switch in the rack.
Figure 2-2B. Installing the Switch in an equipment rack
Power on
The DGS-3208F Switch can be used with AC power so urces 100 ~ 240 VAC, 50 ~ 60 Hz. The Switch’s pow er
supply will adjust to the local p ower source automatically and may be turned o n without having any or all
LAN segment cables connected.
5
Gigabit Ethernet Switch User’s Guide
After the device is powered on, the LED indicators should respond as follows:
The Power LED indicator will light wh ile the Switch loads onboard software, and should re main on as
♦
long as the switch has power.
The Console LED indicator will remain ON if there is a connection at the RS-232 port, otherwise this
♦
LED indicator is
OFF
.
Power Failure
As a precaution, the Switch should be unplugged in case of p ower failure. When powe r is resumed, plug the
Switch back in.
6
Gigabit Ethernet Switch User’s Guide
3
3 I
This chapter describes the front panel, rear panel, side panels, and LED indicators of the Switch
DENTIFYING EXTERNAL
C
OMPONENTS
Front Panel
The front panel of the Switch consists of eight 1000BASE-SX (SC-type) multimode fiber ports, an RS-232
communication port, and LED indicators.
Figure 3-1. Front panel view of the DGS-3208F Switch
Eight Gigabit Ethernet ports of fixed 1000BASE-SX multimode fiber interface for connections to
♦
workstations, servers, and networking devices through multimode optical fiber cabling.
An RS-232 DCE console port is for diag nosing the Switch via a connection to a PC and local console
♦
management.
Comprehensive LED indicators display the condition of the Switch and status of the network. A
♦
description of these LED in dicators follows (see
LED Indicators
).
Rear Panel
The rear panel of the Switch consists of an AC power connector. The following shows the rear panel of the
Switch.
Figure 3-2. Rear panel view of the DGS-3208F
7
Gigabit Ethernet Switch User’s Guide
♦ AC Power Connector
female connector of the provided power cord into this connector, and the male into a power outlet.
Supported input voltages range from 100 ~ 240 VAC at 50 ~ 60 Hz.
This is a three-pronged connector that supports the power cord. Plug in the
Side Panels
The Switch’s side panels contain the system fans, two on the right and one on th e left. The following shows the
Switch’s right side panel.
Figure 3-3. Right side panel view of the DGS-3208F
♦ System Fans
serve the same purpose. Be sure not to block these openings, and to leave adequate space at the rear
and sides of the Switch for proper ventilation. Remember that without proper heat dissipation and air
circulation, system components might overheat, which could lead to system failure.
These fans are used to dissipate heat. The sides of the system also provide heat vents to
LED Indicators
The LED indicators of the Switch include Power, Console, Link/ACT, and Full. The following shows the LED
indicators for the Switch along with an explanation of each indicator.
Figure 3-4. The DGS-3208F Switch LED indicators
♦ Power
Switch is loading onboard so ftware. This indicato r should then re main on to indicate the ready state of
the Switch.
♦ Console
management through the RS-232 console port using a straight-through serial cable. When a secured
connection is established, this LED indicator is lit. Otherwise, it remains dark.
After turning on the powe r, the Powe r indicator on the front panel sho uld light to indic ate the
This LED indicator is lit when the Switch is being managed via out-of-band/local console
8
Gigabit Ethernet Switch User’s Guide
♦ Link/ACT
These LED indicators are lit when there is a secure connection (or link) to a device at any of
the ports. The LED indicators blink whenever there is reception or transmission (i.e. Activity—ACT) of
data occurring at a port.
♦ Full
These LED indicators are illuminated when a port is operating in full-duplex mode.
9
Gigabit Ethernet Switch User’s Guide
4
4 C
This chapter describes how to connect the DGS-3208F to your Gigabit Ethernet network.
ONNECTING THE SWITCH
PC to Switch
A PC can be connected to the Switch via a fiber optic cable. The PC should be connected to any of the eight
ports (1x – 8x) of the DGS-3208F.
Figure 4-1. DGS-3208F Switch connected to a PC or Workstation (full-duplex mode is required)
The LED indicators for PC connection are de pendent on the LAN card capabilities. If LED indicators are not
illuminated after making a proper connection, check the PC’s LAN card, the cable, Switch conditions, and
connections.
The following is an LED indicator possibility for a PC to Switch connection:
The Link/ACT LED indicator lights up upon hookup.
♦
Switch to Switch (other devices)
The Switch can be connected to another switch or other devices (routers, bridges, etc.) via a fiber optic cable.
10
Figure 4-2. DGS-3208F Switch to switch connection.
Gigabit Ethernet Switch User’s Guide
11
Gigabit Ethernet Switch User’s Guide
5
5 S
WITCH
M
ANAGEMENT
C
ONCEPTS
Local Console Management
Local console management involves the administration of the DGS-3208F Switch via a direct connection to the
RS-232 DCE console port. From the Main Menu screen of the console pr ogram, an Administrator or N ormal
User (defined in the next chapter) has privilege and access to manage, control, and monitor the many
functions of the Switch.
The components of the Switch allow them to be part of a manageable network. These components include a
CPU, memory for data storage, other related hardware, and the SNMP agent firmware. Activities on the
Switch can be monitored with these components, while the Switch can be manipulated to carry out specific
tasks.
Out-of-band management for the Switch is accomplished through a locally connected management terminal to
the RS-232 console port. Through this port, a user can set up, monitor, or change the configuration of the
Switch.
The Spanning Tree Algorithm (STA) provides the capability for the Switch to operate properly with other
Bridges in a SNMP networ k supporting th e STA. Using the STA, th e network w ill prevent n etwork loo p, and
automatically establish and activate a backup path in the event of a path failure.
Console port (RS-232 DCE)
Out-of-band management requ ires connecting a PC (with a SNMP manag ement platform) to the RS-232 DC E
console port of the Switch . Switch management using terminal emulation/VT100 when co nnected to the RS232 DCE console port is called
management platforms.
The console port is set for the following configuration:
Baud rate:9,600
◊
Parity:none
◊
Data width:8 bits
◊
Stop bits1
◊
Local Console Management
to differentiate it from management done via
IP Addresses and SNMP Community Names
Each Switch has its own IP Address, which is used for communication with an SNMP network manager or
other TCP/IP application ( for exam ple BO OTP, TFTP). Yo u can c hange the defa ult Switch IP Addr ess to m eet
the specification of your networking address scheme.
12
Gigabit Ethernet Switch User’s Guide
In addition, you can also set in the Switch an IP Address for a gateway or a router. It is useful when the
management station is not located on the same network as the Switch, making it necessary for the Switch to
go through a gateway or router to reach the network manager.
For security, you can set in the Switch a list of IP Addresses of the network managers that you allow to
manage the Switch . You can also ch ange the d efault Comm unity Name in the Switch an d set access rig hts of
these Community Names.
Traps
Trap managers are special users of the network who are given certain rights and access in overseeing the
maintenance of the network. Trap managers can receive traps sent from the Switch; they must immediately
take certain actions to avoid future failure or break down of the network.
Traps are messages that alert you of events that occur on the Switch. The events can be as serious as a reboot
(someone accidentally turned
traps and sends them to the n etwork manager (trap man agers). The following lists the types of events that
can take place on the Switch.
System resets
◊
the Switch), or less serious like a port status change. The Switch generates
OFF
Errors
◊
Status changes
◊
Topology changes
◊
Operation
◊
You can also specify which network managers may receive traps from the Switch by setting a list of IP
Addresses of the authorized network managers.
The following are trap types a trap manager will receive:
♦ Cold Start
settings are reconfigured and hardware systems are rebooted. A cold start is different from a factory
reset.
♦ Warm Start
Test) is skipped.
♦ Authentication Failure
a valid user of the Switch and may have entered an incorrect community name.
♦ New Root
is sent by a bridge soon after its election as the new root. This implies that upon expiration of the
Topology Change Timer th e new root trap is sent out immediate ly after the Switch ’s selection as a new
root.
This trap signifies that the Switch has been powe red up and initialize d such that softw are
This trap signifies that the Switch has been rebooted, however the POST (Power On Self-
This trap signifies that an addressee (or manager/user) on the Switch is not
This trap indicates that the Switch has become the new root of the Spanning Tree, the trap
♦ Topology Change
transitions from the Learning state to the Forwarding state, or from the Forwarding state to the
Blocking state. The trap is not sent if a new root trap is sent for the same transition.
♦ Link Change Event
from link down to link up.
A Topology Change trap is sent by the Switch when any of its configured ports
This trap is sent whenever the link of a port changes from link up to link down or
13
Gigabit Ethernet Switch User’s Guide
MIBs
The information stored in the Switch is known as the Management Information Base (MIB). The Switch uses
the standard MIB-II Management Information Base module. Consequently, MIB values inside the Switch can
be retrieved from any SNMP-based network manager. In addition to the standard MIB-II, the Switch also
supports its own proprietary enterprise MIB as an extended Management Information Base. These MIBs may
also be retrieved by specifying the MIB’s Object-Identity (OID) at the network manager. MIB values can be
either read-only or read-write.
Read-only MIBs variables can be either constants that are programmed into the Switch, or variables that
change while the Switch is in operation. Examples of read-only constants are the number of ports and types
of ports. Examples of read-only variables are the statistics counters such as the number of errors that have
occurred, or how many kilobytes of data have been received and forwarded through a port.
Read-write MIBs are variables usually related to user-customized configurations. Examples of these are the
Switch’s IP Address, Spanning Tree Algorithm parameters, and port status.
If you use a third-party vendors’ SNMP software to manage the Switch, a diskette listing the Switch’s
propriety enterprise MIBs can be obtained by request. If your software provides functions to browse or modify
MIBs, you can also get the MIB values and change them (if the MIBs’ attributes permit the write operation).
This process however can be qu ite involved, since you must k now the MIB OIDs and retrieve them one by one.
Packet Forwarding
The Switch looks at the network configuration to forward packets. This reduces the traffic congestion on the
network, because packets, instead of being transmitted to all segments, are transmitted to the destination
only. Example: if Port 1 receives a packet destined for Port 2, the Switch transmits that packet through Port
2 only, and transmits nothing through Port 1.
♦ Filtering Database
other ports on that Switch, in order to prevent the duplication of frames. Frames transmitted between a
pair of end stations can be confined to LANs that form a path between those end stations.
The functions that support the use and maintenance of filtering database information are:
Permanent configuration of reserved addresses.
1.
Explicit configuration of static filtering information.
2.
Automatic learning of dynamic filtering information through observation of Switched Local Area
3.
Network traffic.
Aging out of filtering information that has been automatically learned.
4.
Calculation and configuration of Switched Local Area Network topology.
5.
A Switch filters frames, i.e., does no t relay frames received by a Switch port to
Aging Time
The Aging Time is a parameter that affects the auto-learn process of the Switch in terms of the network
configuration. Dynamic Entries, which make up the auto-learned-node address, are aged out of the address
table according to the Aging Time that you set.
The Aging Time can be from 1 to 99 minutes. A very long Aging Time can result with the out-of-date Dynamic
Entries that may cause incorrect packet filtering/forwarding decisions .
14
Gigabit Ethernet Switch User’s Guide
In the opposite case, if the Aging Time is too short, many entries may be aged out soon, resulting in a high
percentage of received packets whose source addresses cannot be found in the address table.
Spanning Tree Algorithm
The Spanning Tree Algorithm (STA) in the Switch allows you to create alternative paths (with multiple
switches or other types of bridges) in your network. These backup paths are idle until the Switch determines
that a problem has developed in the primary path s. When a primary path is lost, the switch providing the
alternative path will automatically go into service with no operator intervention. This automatic network
reconfiguration provides maximum uptime to network users. The concept of the Spanning Tree Algorithm is a
complicated and complex subject and must be fully researched and understood. Please read the following
before making any changes.
♦ Network loop detection and prevention
LANs. If there is more than one path, forwarded packets will lo op indefin itely. STA detects any looped
path and selects the path with the lowest path cost as the activ e path , w hile blo ckin g th e o the r p ath an d
using it as the backup path.
♦ Automatic topology re-configuration
backup path will be automatically activated, and STA will automatically re-configure the network
topology.
With STA, there will be only one path between any two
When the path for which there is a backup path fails, the
STA Operation Levels
STA operates on two le vels: the bridge leve l and the port le vel. On the bridge le vel, STA calculate s the Bridg e
Identifier for each Switch, then sets the Root Bridge and the Designated Bridges. On the port level, STA sets
the Root Port and Designated Ports. Details are as follows:
On the Bridge Level
♦ Root Bridge
the Root Bridge to be the best switch among the switches in the loop to ensure the highest network
performance and reliability.
♦ Bridge Identifier
the MAC address of the sw itch. Example: 4 00 80 C8 00 01 00, whe re 4 is the Bridge Priority. A lower
Bridge Identifier results in a higher priority for the switch, and thus increases it probably of being
selected as the Root Bridge.
The switch with the lowe st Bridge Identif ier is the Ro ot Brid ge. Naturally , yo u w ill w ant
This is the combination of the Bridge Priority (a parameter that you can set) and
♦ Designated Bridge
to the Root Bridge is the Designated Bridge. It forwards data packets for that LAN segment. In cases
where all Switches have the same Root Path Cost, the switch with the lowest Bridge Identifier becomes
the Designated Bridge.
♦ Root Path Cost
Root Path Costs of all the switches that the packet goes through. The Root Path Cost of the Root Bridge
is zero.
♦ Bridge Priority
the Bridge Priority is. The higher the Bridge Priority, the better the chance the Switch will be selected
as the Root Bridge.
From each LAN segment, the attached Bridge that has the lowest Root Path Cost
The Root Path Cost of a switch is the sum of the Path Cost of the Root Port and the
This is a parameter that use rs can set. The smaller the n umber you set, the higher
15
Gigabit Ethernet Switch User’s Guide
On the Port Level
♦ Root Port
Bridge. In case there are several such ports, then the one with the lowest Port Identifier is the Root
Port.
♦ Designated Port
which the switch is the Designated Bridge.
♦ Port Priority
higher the probability that the port will be selected as the Root Port.
♦ Path Cost
Each switch has a Root Port. This is the port that has the lowest Path Cost to the Root
This is the port on each Designated Bridge that is attached to the LAN segment for
The smaller this number, the higher the Port Priority is. With higher Po rt Priority, the
This is a changeable parameter and may be modified according to the STA specification.
User-Changeable Parameters
The factory default setting should cover the majority of installations. However, it is advisable to keep the
default settings as set at the factory, unless it is absolutely necessary. The user-changeable parameters in the
Switch are as follows:
♦ Bridge Priority
♦ Bridge Hello Time
transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the
Root Bridge. If you set a He llo Time for your Switch, and it is not the Root Bridge, the set Hello Time
will be used if and when you r Switch becomes the Root Bridge. (Note that the Hello Time cannot be
longer than the Max. Age. Otherwise, a configuration error will occur).
A Bridge Priority can be from 0 to 65535. 0 is equal to the highest Bridge Priority.
The Hello Time can be fro m 1 to 10 seconds. This is the inte rval between two
♦ Bridge Max. Age
has still not been received from the Root Bridge, yo ur Switch will start sending its own BPDU to all
other Switches for permission to become the Root Bridge. If it turns out that your Switch has the lowest
Bridge Identifier, it will become the Root Bridge.
♦ Bridge Forward Delay
the Switch spends in th e listening state while moving from the blocking sta te to the forwarding state.
Observe the following formulas when you set the above parameters:
♦ Port Priority
1. Max. Age = 2 x (Forward Delay - 1 second)
2. Max. Age = 2 x (Hello Time + 1 second)
the port will be chosen as the Root Port.
The Max. Age can be from 6 to 40 seconds. At the end of the Max. Age, if a BPDU
The Forward Delay can be from 4 to 30 second s. This is the time any p ort on
A Port Priority can be from 0 to 255. The lower the number, the g reater the pr obability
Illustration of STA
A simple illustration of three Bridg es (or the Switch) connected in a loop is depicted in
example, you can anticipate some major network problems if the STA assistance is not applied. For instance,
if Bridge 1 broadcasts a packet to Brid ge 2, Brid ge 2 will bro adcast it to Bridge 3, Brid ge 3 will broadcast it to
Bridge 1, and so on. The broadcast packet will be passed indefinitely in a loop, causing a serious network
failure.
Figure 5-1
. In this
To alleviate network loop problems, STA can be applied as shown in
the loop by blocking the connection between Bridge 1 and 2. The decision to block a particular connection is
16
Figure
5-2. In this example, STA breaks
Gigabit Ethernet Switch User’s Guide
based on the STA calculation of the most current Bridge and Port settings. Now, if Bridge 1 broadcasts a
packet to Bridge 3, then Bridge 3 will broadcast it to Bridge 2 and the broadcast will end there.
STA setup can be somewhat complex. Therefore, you are advised to keep the default factory settings and STA
will automatically assign root bridges/ports and block loop connectio ns. Howeve r, if you n eed to cu stomize the
STA parameters, refer to
Table 5-1
.
Figure 5-1. Before Applying the STA Rules
Figure 5-2. After Applying the S TA Rules
17
Gigabit Ethernet Switch User’s Guide
STA parametersSettingsEffectsComment
Port Trunking
Bridge Priority
Hello Time
Max. Age Time
Forward Delay
Enable/Disable
Port Priority
Table 5-1. User-selective STA parameters
lower the #,
higher the
priority
1 - 10 sec.No effect, if not
6 - 40 sec.Compete for Root
4 - 30 sec.High # delays the
Port-level STA parameters
Enable/
Disable
lower the #,
higher the
priority
Increases chance of
becoming the Root
Bridge
Root Bridge
Bridge, if BPDU is
not received
change in state
Enable or disable
this LAN segment
Increases chance of
become Root Port
Avoid, if the switch is
used in workgroup level
of a large network
Never set greater than
Max. Age Time
Avoid low number for
unnecessary reset of
Root Bridge
Max. Age ≤ 2 x
(Forward Delay - 1)
Max. Age ≥ 2 x (Hello
Time + 1)
Disable a port for
security or problem
isolation
Port trunking is used to combine a number of ports togethe r to make a single hig h-bandwidth data pipeline.
The participating parts are called members of a trunk group.
The Switch supports up to four trunk groups, the first three which may include from two to four switch ports
each. The fourth trunk group is two ports only.
Figure 5-3. Port trunking example
The switch treats all ports in a trunk group as a single port. As such, trunk ports will no t be blocked by the
spanning tree algorithm.
18
Gigabit Ethernet Switch User’s Guide
Data transmitted to a specific host (de stination address) will always be transmitted over the same port in a
trunk group. This allows packets in a data stream to arrive in the same order they were sent. A trunk
connection can be made with any other switch that maintains host-to-host data streams over a single trunk
port. Switches that use a load-balancing scheme that sends the packets of a host-to-host data stream over
multiple trunk ports cannot have a trunk connection with the Switch.
VLANs & MAC-based Broadcast Domains
VLANs are a collection of users or switch ports grouped together in a secure, autonomous broadcast and
multicast domain. The main purpose of setting up VLANs or a broadc ast domain on a netwo rk is to limit the
range and effects of broadcast packets.
Two types of VLANs are implemented on the Switch: 802.1Q VLANs and port-based VLANs. MAC-based
broadcast domains are a third option. Only one type of VLAN or broadcast domain can be active on the Switch
at any given time, however. Thus, you will need to ch oose the typ e of VLAN or bro adcast domain you wish to
setup on your network and configure the Switch accordingly. 802.1Q VLANs support IEEE 802.1Q tagging,
which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Qcompliant). In contrast, MAC-based broadcast domains are limited to the Switch and devices directly
connected to them.
All VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All broadcast,
multicast, and unknown packets entering the Switch on a particular VLAN will only be forwarded to the
stations or ports (802.1Q and port-based ) that are members o f that VLAN . 802.1Q and p ort-base d VLANs also
limit unicast packets to members of the VLAN, thus providing a degree of security to your network.
Another benefit of 802.1Q and port-based VLANs is that you can change the network topology without
physically moving stations or changing cable connections. Stations can be ‘moved’ to another VLAN and thus
communicate with its membe rs and share its re sources, simp ly by chang ing the po rt VLAN setting s from one
VLAN (the sales VLAN, for example) to another VLAN (the marketing VLAN). This allows VLANs to
accommodate network moves, changes and additions with the utmost flexibility. MAC-based broadcast
domains, on the other hand, allow a station to be physically moved yet still belong to the same broadcast
domain without having to change and configuration settings.
The
untagging
recognize VLAN tags in packet headers. The
switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work
normally (BPDU packets are not tagged).
feature of IEEE 802.1Q VLANs allows VLANs to work with legacy switches that don’t
tagging
feature allows VLANs to span multiple 802.1Q-compliant
MAC-Based Broadcast Domains
The Switch supports up to 12 MAC-base d broad cast domain s, which are by their n ature, limite d to the Switch
itself and the devices connected directly to it.
Since MAC addresses are hard-wired into a station’s network interface card (NIC), MAC-based broadcast
domains enable network managers to move a station to a different physical location on the network and have
that station automatically retain its broadcast domain membe rship. This provides the network with a hig h
degree of fle xibility since e ven no tebook PC’s can p lug into any available port o n a n etwork and co mmunicate
with the same people and use the same resources that have been allocated to the broadcast domain in which it
is a member.
Since MAC-based broadcast domains do not restrict the transmission of known unicast frames to other
broadcast domains, they can only be used to define limited broadcast domains. As such, they are best
implemented on networks where stations are frequently moving, for example where people using notebook
PCs are constantly plugging into different parts of the network.
19
Gigabit Ethernet Switch User’s Guide
Setting up MAC-based broadcast domains is a relatively straightforward process. Simp ly create the broadcast
domain by assigning it a name (description) and add MAC addresses for the stations that will be members.
IEEE 802.1Q VLANs
The Switch supports abou t 2000 802.1Q VLANs. 802.1Q VLANs limit traffic that f lows into and o ut of switch
ports. Thus, all devices connected to a port are members of the VLAN(s) the port belongs to, whether there is a
single computer directly connected to a switch, or an entire department.
On 802.1Q VLANs, NICs do not n eed to be able to identify 802.1Q tags in packet headers. NICs send and
receive normal Ethernet packets. If the packet’s destination lies on the same segment, communications take
place using normal Ethernet protocols. Even though this is always the case, when the destination for a packet
lies on another Switch port, VLAN considerations come into play to decide if the packet gets dropped by the
Switch or delivered.
There are two key comp onents to unde rstanding 802.1Q VLANs: Po rt VLAN ID numbe rs (PVIDs) and VLAN
ID numbers (VIDs). Both v ariables are assigne d to a sw itch port, but there are importan t dif fere nces betwee n
them. A user can only assign one PVID to each switch port. The PVID defines which VLAN a packet belongs
to when packets need to be forwarded to another switch port or somewhere else on the network. On the other
hand, a user can define a port as a member of multiple VLANs (VIDs), allowing the segment connected to it to
receive packets from many VLANs on the ne tw or k. The se tw o v ariable s con trol a p ort’s ability to transmit an d
receive VLAN traffic, and the differenc e between them provides network se gmentation, while still allowing
resources to be shared across more than one VLAN.
802.1Q VLAN Segmentation
The following example is h elpful in explainin g how 802.1Q VLAN seg mentation works. Take a p acket that is
transmitted by a machine on Port 7 that is a member of VLAN 2 and has the Port VLAN ID number 2
(PVID=2). If the destination lies on another port (found through a normal forwarding table lookup), the
Switch then looks to see if the other port (Port 4) is a member of VLAN 2 (and can therefore receive VLAN 2
packets). If port 4 is not a member of VLAN 2, then the packet will be dro pped by the Switch and will not
reach its destination. If Port 4 is a membe r of VLAN 2, the packe t will go th rough. This se lective forward ing
feature based on VLAN criteria is how VLANs segment networks. The key point being that Port 7 will only
transmit on VLAN 2, because it’s Port VLAN ID number is 2 (PVID=2).
Sharing Resources Across 802.1Q VLANs
Network resources such as printers and servers however, can be shared across 802.1Q VLANs. This is
achieved by setting up overlapping VLANs as shown in the di agram below.
Figure 5-4. Example of typical VLAN configuration
20
Gigabit Ethernet Switch User’s Guide
In the above example, there are three different 802.1Q VLANs and each port can transmit packets on o ne of
them according to their Port VLAN ID (PVID). However, a port can receive packets on all VLANs (VID) that it
belongs to. The assignments are as follows:
PVID
(Port VLAN ID)
1Port 1
1Port 2
1Port 3
2Port 6
2Port 7
3Port 4
VID
(VLAN ID)
11, 2, 3, 4
24, 6, 7
31, 2, 3, 4, 6, 7
Ports
Member Ports
Table 5-2. VLAN assignments for Figure 5-4
The server attached to Port 4 is shared by VLAN 1, VLAN 2, and VLAN 3 becau se Port 4 is a member of all
three VLANs (it is listed as a member of VID 1, VID 2, and VID 3). Since it can receive packets from three
VLANs, all ports can succe ssfully send packets to it to be printe d. Ports 1, 2, and 3 send these packets on
VLAN 1 (their PVID=1), and Ports 6 and 7 send these packets on VLAN 2 (PVID=2). The third VLAN
(PVID=3) is used by the server to transmit files that had been requested on VLAN 1 or 2 back to the
computers. All computers that use th e server will receive transmission s from it since they are all located on
ports which are members of VLAN 3 (VID=3).
802.1Q VLANs Spanning Multiple Switches
802.1Q VLANs can span multiple switches as well as yo ur en tire ne two rk. Tw o con side ratio ns to kee p in min d
while building VLANs of this sort are whether the switches are IEEE 802.1Q-compliant and w hether VLAN
packets should be tagged or untagged.
Definitions of relevant terms are as follows:
♦ Tagging
enabled will put the VID n umber, pr iority, and other VLAN informatio n into all p ackets th at flo w out it. If
a packet has previously been tagged, the port w ill no t alte r the packe t, thu s kee pin g the VLAN in fo rmatio n
intact. Tagging is used to send packets from one 802.1Q-compliant device to another.
♦ Untagging
enabled will take all VLAN info rmation ou t of all packe ts that flo w out o f a po rt. If the p acket do esn’t hav e
a VLAN tag, the port will not alter the packet, thus keeping the packet free of VLAN information.
Untagging is used to send packets from an 802.1Q-compliant switch to a non-compliant device.
♦ Ingress port
Ingress Filter enabled, the switch will examine each packet to determine whether or not it is a VLAN
member and then take one of two actions: if the port is not a member of a VLAN, the packet will be
dropped; if the port is a member of a VLAN, then the packet will be forwarded. Othe rwise, if the Ingress
Filter is disabled, then the switch will process any packet received at this port in its normal fashion.
♦ Egress port
an end station, and taggin g decisions mu st be made. If an egress port is connecte d to an 802.1Q- compliant
switch, tagging should be enabled so the other device can take VLAN data into account when making
The act of putting 802.1Q VLAN information into the header of a packet. Ports with tagging
The act of stripping 802.1Q VLAN information out of the packet he ader . Ports with u ntaggin g
A port on a switch where packets are flowing into the switch. If an ingress port has the
A port on a switch where packets are flowing out of the switch, either to another switch or to
21
Gigabit Ethernet Switch User’s Guide
forwarding de cisions (this allows VLANs to span multiple switches). If an egress conne ction is to a noncompliant switch or end-station, tags should be stripped so the (now normal Ethernet) packet can be read
by the receiving device.
VLANs Over 802.1Q-compliant Switches
When switches maintaining th e same VLAN s are 802.1Q -c o mplian t, it is po ssible to u se tag g ing . Tagg in g p uts
802.1Q VLAN information into each packet header, enabling o the r 802.1Q- com plian t switche s that re ceiv e the
packet to know how to treat it. Upon receiving a tagged packet, an 802.1Q-compliant switch can use the
information in the packet header to maintain the integrity of VLANs, carry out priority forwarding, etc.
Data transmissions between 802.1Q-compliant switches take place as shown below.
12345678
Tx RxTx RxTx RxTx RxTx RxTx RxTx RxTx Rx
Figure 5-5. Data transmissions between 802.1Q-compliant Switches
In the above example , step 4 is the key element. Because the packet has 802.1Q VLAN data encoded in its
header, the ingress port can make VLAN-based decisions about its delivery: whether server #2 is attached to a
port that is a member of VLAN 2 and, thus, should the packet be delivered; the queuing priority to give to the
packet, etc. It can also perform these functions for VLAN 1 packets as well, and, in fact, for any tagged packet
it receives regardless of the VLAN number.
If the ingress port in step 4 were connected to a non-802.1Q-compliant device and was thus receiving
untagged packets, it would tag its own PVID onto the packet and use this information to make forwarding
decisions. As a result, the packets coming from the non-compliant device would automatically be placed on the
ingress ports VLAN and could only communicate with other ports that are members of this VLAN.
Port-Based VLANs
Port-based VLANs are a simplified version of the 802.1Q VLANs described in the previous section. In portbased VLANs, all the 802.1Q settings are pre-configured allowing you to quickly and easily setup and
maintain port-based VLANs on your network.
22
Gigabit Ethernet Switch User’s Guide
In port-based VLANs, broadcast, multicast and unkn own packets will be limited to within the VLAN. Thus,
port-based VLANs effectively segment your network into broadcast domains. Furthermore, ports can only
belong to a single VLAN.
Because port-based VLANs are uncomplicated and fairly rigid in their implementation, they are best used for
network administrators who wish to quickly and easily setup VLANs in order to isolate limit the effect of
broadcast packets on their network.
For the most secure implementation, make sure that end stations are directly connected to the switch.
Attaching a hub, switch or other repeater to the port causes all stations attached to the repeater to become
members of the port-based VLAN.
To setup port-based VLANs, simply select a VLAN ID number, name the VLAN, and specify which po rts will
be members. All other ports will automatically be forbidden membership, even dynamically as a port can
belong to only one VLAN.
Broadcast Storms
Broadcast storms are a common problem on today’s networks. Basically, they consist of broadcast packets that
flood and/or are looped on a network causing noticeable performance degradation and, in extreme cases,
network failure. Broadcast storms can be caused by network loops, malfunctioning NICs, bad cable
connections, and applications or protocols that generate broadcast traffic, among others.
In effect, broadcast storms can originate from any number of sources, and once they are started, they can be
self-perpetuating, and can even multiply the number of broadcast packets on the network over time. In the
best case, network utilization will be high and bandwidth limited until the hop counts for all broadcast
packets have expired, whereup on the packets will be discarded and the netwo rk will return to no rmal. In the
worst case, they will multiply, eve ntually using up all the ne twork band width (altho ugh ne twork applicatio ns
will usually crash long before this happens), and cause a network meltdown.
Broadcast storms have long been a concern for network administrators with routers traditionally being used
to prevent their occurrence, and if that failed, to at least limit their scope. However, with the advent of
VLANs, switches are now able to limit broadcast domains better and cheaper than routers. Also, many
switches, including the DG S-3208F, have broadcast sensors an d filters built into each port to furth er control
broadcast storms.
Segmenting Broadcast Domains
The Switch allows you to segment broadcast domains. It does this by forwarding packets only to ports in the
same broadcast domain or VLAN. Thus, broadcast packets will only be forwarded to ports that are members of
the same broadcast domain or VLAN. Other parts of the network are effectively shielded. As a result, the
smaller the broadcast domain, the less effect a broadcast storm will have. Since VLANs and broadcast
domains are implemented at each switch port, they can be quite effective in limiting the scope of broadcast
storms.
Eliminating Broadcast Storms
SNMP agents can be programmed to monitor the number of broadcast packets on switch ports and act on the
data. When the number of broadcast packets on a given port rise past an assigned threshold, an action can be
triggered. When enabled, the usual action is to block the port to broadcast frames, which discards all
broadcast frames arriving at the port from the attached segment. Not only does this isolate the broadcast
domain, but it actually starts removing broadcast packets from the affected segment. When the number of
23
Loading...
+ 103 hidden pages
You need points to download manuals.
1 point = 1 manual.
You can buy points or you can get point for every manual you upload.